A recent post by Joël Collin-Demers on why Your LLM Doesn’t Need a US Passport pointed out two very important facts that you’re probably not aware of but should be:

1. Your company is feeding sensitive data to US-based LLMs every single day.

2. The US CLOUD Act lets American authorities demand data from any US-based provider REGARDLESS of where their servers sit in the world!

In other words, you’re giving the USA full access to all of your proprietary and confidential data anytime they want it — in full breach of your data localization laws if you’re NOT in the US and in a country with such laws (and if you’re not in the US and don’t yet have data localization laws to adhere to you will soon have such laws to deal with as a result of the US global over-reach for your data to feed its AI).

This is not just an AI problem (which, if you think you really need, you have other non-US options if you are not a US company as per Joel’s extensive list), it’s an overall SaaS/SaS problem. If you’re not a US company, you need to make sure that not only your data, but all of your applications (including, but not limited to, AI) are hosted in non-US owned data centres off of US soil without safe harbour agreements.